[cryptography] OT: THE GREAT SIM HEIST
rysiek
rysiek at hackerspace.pl
Sun Feb 22 05:10:08 PST 2015
Dnia czwartek, 19 lutego 2015 16:47:25 grarpamp pisze:
> On Thu, Feb 19, 2015 at 3:50 PM, Jeffrey Walton <noloader at gmail.com> wrote:
> > https://firstlook.org/theintercept/2015/02/19/great-sim-heist/
In case anybody missed it:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
In order for the cards to work and for the phones’ communications to be
secure, Gemalto also needs to provide the mobile company with a file
containing the encryption keys for each of the new SIM cards. These master key
files could be shipped via FedEx, DHL, UPS or another snail mail provider.
More commonly, they could be sent via email or through File Transfer Protocol,
FTP, a method of sending files over the Internet.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Wait, does that mean master keys were being sent in cleartext via open
Internet?
Yes. Yes it does.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The document noted that many SIM card manufacturers transferred the encryption
keys to wireless network providers “by email or FTP with simple encryption
methods that can be broken … or occasionally with no encryption at all.” To
get bulk access to encryption keys, all the NSA or GCHQ needed to do was
intercept emails or file transfers as they were sent over the Internet —
something both agencies already do millions of times per day. A footnote in
the 2010 document observed that the use of “strong encryption products … is
becoming increasingly common” in transferring the keys.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
--
Pozdrawiam,
Michał "rysiek" Woźniak
Zmieniam klucz GPG :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 931 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20150222/3d2aad9d/attachment-0002.sig>
More information about the cypherpunks
mailing list